FOCA Free 3.0

Make sure your website documents aren't giving away important information in their metadata

By Mike Williams | Oct 28, 2011


FOCA is an interesting penetration testing tool that allows you to find out more about a website by (amongst other things) analysing the metadata in any documents it makes available.

The process is surprisingly easy. Simply create a new document pointing FOCA at your website, click the Search All button, and FOCA will list every PDF, Microsoft Office, OpenOffice and other document on the site that has been indexed by Google, Bing and Exalead. (This can be useful in itself, as you might discover you're exposing documents that were never intended for public view.)

Then, in a couple of clicks, you can have FOCA download these documents, extract their metadata, and summarise the results in a simple report. Exactly what is exposed depends on the documents, the software used to create them, and how well they've been cleaned, but commonly you'll see user names, network folders, printer names, email addresses, details of the software used to create the files, and more: all very useful to hackers looking to discover more about a particular target.
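As an added illustration (not code from the review or from FOCA itself), the script below performs the same kind of check on an Office document before you publish it: it opens the OOXML package, reads the docProps parts for the author, last editor, application version, company and template fields, and scans every XML part for UNC share paths. The sample document is constructed inline; field names and the regular expression are my own choices, and the walrus operator needs Python 3.8 or later.

```python
import io, re, zipfile
import xml.etree.ElementTree as ET
# Namespaces of the OOXML property parts docProps/core.xml and docProps/app.xml.
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties",
}
# (package part, report key, XPath) for fields that identify people, software and infrastructure.
PROPERTY_FIELDS = [
    ("docProps/core.xml", "creator", "dc:creator"),
    ("docProps/core.xml", "lastModifiedBy", "cp:lastModifiedBy"),
    ("docProps/app.xml", "Application", "ep:Application"),
    ("docProps/app.xml", "AppVersion", "ep:AppVersion"),
    ("docProps/app.xml", "Company", "ep:Company"),
    ("docProps/app.xml", "Template", "ep:Template"),
]
# UNC paths (\\server\share\...) give away internal file servers and folder layout.
UNC_PATH = re.compile(r'\\\\[\w.-]+\\[^\s<"]+')

def extract_office_metadata(data: bytes) -> dict:
    """Return the leak-prone metadata found in a docx/xlsx/pptx package given as bytes."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        names = set(pkg.namelist())
        roots = {p: ET.fromstring(pkg.read(p)) for p in {f[0] for f in PROPERTY_FIELDS} if p in names}
        for part, key, xpath in PROPERTY_FIELDS:
            el = roots[part].find(xpath, NS) if part in roots else None
            if el is not None and el.text:
                found[key] = el.text
        # Any XML or .rels part may embed share paths (templates, hyperlinks, linked files).
        for name in sorted(names):
            if name.endswith((".xml", ".rels")):
                if hits := UNC_PATH.findall(pkg.read(name).decode("utf-8", "replace")):
                    found.setdefault("uncPaths", []).extend(hits)
    return found

def build_sample_docx() -> bytes:
    """Constructed sample package with the kind of properties Word writes (not a real file)."""
    core = ('<cp:coreProperties xmlns:cp="%s" xmlns:dc="%s"><dc:creator>jsmith</dc:creator>'
            '<cp:lastModifiedBy>CORP\\jsmith</cp:lastModifiedBy></cp:coreProperties>'
            % (NS["cp"], NS["dc"]))
    app = ('<Properties xmlns="%s"><Application>Microsoft Office Word</Application>'
           '<AppVersion>14.0000</AppVersion><Company>Example Corp</Company>'
           '<Template>\\\\fileserver01\\templates\\corp.dotm</Template></Properties>' % NS["ep"])
    with zipfile.ZipFile(buf := io.BytesIO(), "w") as pkg:
        pkg.writestr("docProps/core.xml", core)
        pkg.writestr("docProps/app.xml", app)
    return buf.getvalue()
```

Run `extract_office_metadata(open("report.docx", "rb").read())` on a real file to see what a FOCA-style report would pick up; an empty result for the identity fields is what you want before publishing.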

If you find your documents give away more information than you'd like, then check the software used to create them for built-in cleaning tools (in Office 2010, say, search its help for Document Inspector or "metadata").

Or, if you run your own IIS-based server, the FOCA authors also produce a program that may be of interest: MetaShield Protector. This cleans documents before they're sent to the client, so the metadata never reaches the visitor and there's no danger of information leaks.

Verdict

A quick and easy way to analyse the metadata found in any website's documents